[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: World writable pid and lock files.

On Tue, 10 May 2011, helpermn wrote:
> I imagine why files listed below have 666 file mode bits set:
> /var/run/checkers.pid
> /var/run/vrrp.pid
> /var/run/keepalived.pid
> /var/run/starter.pid
> /var/lock/subsys/ipsec
> Files are created during startup of ipsec (pluto) and keepalived
> deamons.
> I think thar leaving them world writable is security hole. For
> example delete or change of its content could confuses monit
> watching them running and restarting when they die.

You could get the initscripts to send signals to any PID you want, so
yes, it is a nasty security issue.

  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to: